Russian Security Agents Raid Moscow Offices Of Major Cybersecurity Company
By Mike Eckel September 29, 2021
Russian security agents raided the Moscow offices of Group-IB, a leading Russian cybersecurity company known for its work in tracking down hackers and fighting theft and cyberfraud.
The company's founder and chief executive, Ilya Sachkov, was detained on charges of state treason and ordered held in pretrial detention for two months, according to Russian news outlets that cited a Moscow court.
In a statement to RFE/RL, Group-IB confirmed that the company's office had been searched on September 28 and said that law enforcement agents were on the company's premises for several hours.
The reason for the search was not clear, the company said.
The news channel RTVI said its reporters saw plainclothes officers carrying boxes and other items to a van outside the Group-IB office on September 28.
Neither the Interior Ministry nor the main Russian security agency, known as the FSB, made any immediate public statement about the case as of September 29.
The press service for Moscow's Lefortovo District Court, which Russian media reports said had ordered the pretrial detention for Sachkov, did not respond to e-mail queries.
A later statement issued by Group-IB said the company was studying the charges reportedly filed against Sachkov, and that the company's co-founder, Dmitry Volkov, would take over leadership.
"Group-IB's team is confident in the innocence of the company's CEO and his business integrity," it said.
Not as well-known in the West as its bigger rival Kaspersky Lab, Group-IB, founded in 2003, has grown markedly over the past decade as cybercrimes have increased globally -- as well as demand for companies and consultants able to both thwart the crimes and help defend against them.
In addition to Moscow, the company now has headquarters in Singapore, London, New York, and Dubai.
While the details of the case weren't immediately clear, the fact that Sachkov was reported by Russian media outlets to be facing charges of state treason was a signal of potential major legal problems for him.
In past years, Russian authorities have brought state treason charges against private-sector executives, as well as Russian intelligence officers involved in major cybersecurity investigations.
The FSB itself was roiled by a scandal in 2016 involving officers with the service's cybersecurity unit.
Those officers were accused of passing classified information to Western intelligence services. Two of the officers, however, openly cooperated and shared tips and other intelligence with Western counterparts, including the U.S. Justice Department.
That led some experts to conclude they were being punished retroactively for cooperation that had previously been sanctioned by superiors.
One of the investigations that U.S. authorities pursued targeted a Russian man named Yevgeny Nikulin, who was arrested in the Czech Republic in October 2016 and extradited to the United States to stand trial on charges that he hacked the U.S. tech companies LinkedIn, DropBox, and Formspring, a lesser-known social-media company.
In 2020, Nikulin was convicted by a jury and sentenced to just over seven years in prison.
In April 2014, as part of the U.S. investigation, FBI agents traveled to Moscow to meet with Russian cybersecurity officials, a meeting that was sanctioned by Russian law enforcement.
Among the people who were interviewed was Nikita Kislitsin, who had been indicted by a U.S. grand jury on cybertheft charges the previous month.
At the time of the meeting, Kislitsin was employed by Group-IB.
Prior to that, however, Kislitsin had been well-known in Russia's cyberunderground and was acquainted with Nikulin, whom he described as the "Putin" of the hacking world.
Nikulin and Kislitsin had attended a meeting at a Moscow hotel in March 2012, along with several other Russians and Ukrainians, at a gathering that was dubbed the "summit of bad motherf*****s," according to evidence submitted in Nikulin's trial.
Kislitsin allegedly worked with another notorious Russian hacker, Aleksei Belan, to buy from Nikulin data from Formspring. Belan is now on the FBI's list of its most-wanted hackers.
In his meeting with FBI agents, Kislitsin was notified of his rights by the FBI agents, according to filings in U.S. federal court. Kislitsin then indicated that he was "open for collaboration" and wanted to "mitigate problems."
Group-IB told RFE/RL last year that Kislitsin was hired in January 2013 and later became the company's director of network security.
Kislitsin could not be immediately reached for comment.
For some experts, the raid on Group-IB and the treason charges that Sachkov faces were a shock.
Andrei Soldatov, a longtime expert on Russian security services and cybercrimes, noted that in recent months there have been positive statements issued in Moscow and Washington about renewing cooperation in the area of cybercrimes, particularly regarding ransomware attacks.
Sachkov's arrest called that into question, he said.
"All this talk of possible international cooperation in cybercrime investigations we've heard since the spring and the start of ransomware attacks -- all this optimism that this cooperation with the Russians is actually possible -- it seems to be completely misplaced," Soldatov told RFE/RL.
While Group-IB says its clients now include major Russian corporations and foreign companies, the company has also collaborated with Russian law enforcement and security agencies on cyber-investigations.
At a 2019 meeting at the Kremlin, where he was one of several entrepreneurs receiving an award, Sachkov explained the company's background to Putin.
"We started out with investigations of high-tech crimes, collaborating with…the Investigative Committee, the FSB, the Interior Ministry. And then we began to make products that use machine learning and artificial intelligence to prevent attacks at an early stage," Sachkov said.
With reporting by Kommersant and Forbes
Copyright (c) 2021. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave., N.W. Washington DC 20036.